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CLAIMS 

What is claimed is: 

1 , A method for registering a mobile node with a home agent comprising: 
5 determining a home agent; 

establishing between the mobile node and the determined home agent a security 

tunnel having associated with said tunnel a single security association; and 
registering the mobile node with the home agent using the security tunnel. 

2. The method of Claim 1 wherein establishing a security tunnel comprises: 

10 creating a security policy database for at least one of a binding update message, a 

retum routability message, prefix discovery message and payload data packet; 
and 

associating two or more security policy databases with a security tunnel using a 
single security association. 

15 3. The method of Claim 1 wherein registering the mobile node with the home agent 
comprises: 

dispatching a binding update request to the home agent using the security tunnel; 
and 

receiving a binding update acknowledgement by way of a reverse path security 
20 tunnel. 

4. The method of Claim 1 further comprising discovering an applicable prefix for the home 
agent using the security tunnel. 

5. The method of Claim 1 further comprising conveying data to a correspondent node using 
the security tunnel. 

25 6. The method of Claim 1 further comprising communicating a retum routability signal to 
the home agent using the security tunnel. 
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7. The method of Claim 1 further comprising establishing a reverse path security tunnel 
having associated with said tunnel a single security association. 

8. The method of Claim 7 wherein establishing a reverse path security tunnel comprises 

creating a security policy database for at least one of a binding update message, a 
5 return routability message, prefix discovery message and payload data packet; 

and 

associating one or more security policy databases with a security tunnel using a 
single security association. 

9. A mobile node comprising: 

10 mobile communication interface capable of communicating with a mobile 

network; 

home agent determination unit capable of identifying a home agent; 

security txmneling unit capable of establishing and maintaining a security tunnel 

between the mobile node and an identified home agent, wherein an established 
15 security tuimel uses a single security association descriptor for one or more 

data paths; and 

registration unit capable of registering the mobile node with an identified home 
agent using an established security tunnel. 

10. The mobile node of Claim 9 wherein the security tunnel unit comprises: 

20 security association descriptor capable of storing a security association; 

security policy descriptor capable of storing a security policy for at least one of a 
binding update message, a retum routability message, a prefix discovery 
solicitation message and a payload data packet; 
messaging unit capable of formatting a secure message according to an incoming 
25 message that includes at least one of a binding update message, a retum 

routability message, a prefix discovery message and a payload data packet and 
according to a security association stored in the security association descriptor 
and further capable of formatting a secure message using a security policy 
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stored in any of the security policy descriptors, wherein the security policy 
descriptor is selected according to the type of the incoming message. 

1 1 . The mobile node of Claim 9 wherein the registration unit comprises: 

binding request message unit that directs to the security tunneling unit a binding 

message directed to a home agent according to an indicator received from the 

home agent determination unit; and 
binding acknowledgement imit that receives a binding update acknowledgement 

from the security tunneling unit according to a tunneling packet received from 

the home agent using a reverse path security tunnel. 

12. The mobile node of Claim 9 further comprising a prefix discovery imit capable of 
discovering an apphcable prefix for the determined home agent using the established 
security tunnel. 

13. The mobile node of Claim 9 further comprising a payload unit capable of accepting data 
fi-om a client and directing it to the security tunneling unit. 

14. The mobile node of Claim 9 further comprising route discovery vmit capable of 
dispatching a retum routability message to the security tunneling unit. 

15. The mobile node of Claim 9 wherein the security tunneling unit is capable of establishing 
and maintaining a reverse path security tunnel between the mobile node and an identified 
home agent. 

16. The mobile node of Claim 15 wherein the security tunneling xmit comprises: 

reverse path security association descriptor capable of storing a security 
association; 

reverse path security policy descriptor capable of storing a security policy for at 
least one of a binding update acknowledgement message, a return routability 
reply message, a prefix discovery advertisement message and a retum payload 
data packet wherein the messaging imit is capable of imsecuring a secure 
tunneling message according to a security association stored in the reverse 
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path security association descriptor and according to a security descriptor 
stored in at least one of the reverse path security policy descriptors wherein 
the reverse path security policy descriptor is selected according to the type of 
secure tunneling message received. 



17. A mobile node comprising: 

processor for executing instruction an sequence; 
memory for storing an instructions sequence; 

mobile commimications interface for communicating with a mobile network; 
instruction sequences stored in the memory including: 



home agent determination instruction sequence that, when executed by 
the processor, minimally causes the processor to identify a home 
agent for the mobile node; 

security tunneling instruction sequence that, when executed by the 
processor, minimally causes the processor to establish a security 
tunnel from the mobile node to an identified home agent where the 
security tunnel uses a single security association descriptor to 
secure a plurality of data paths; and 

registry instruction sequence that, when executed by the processor, 
minimally causes the processor to register the mobile node with an 
identified home agent. 



18. The mobile node of Claim 17 wherein the security tunneling instruction sequence causes 
the processor to estabhsh a security tunnel by minimally causing the processor to create a 
single security association that can be used by a plurality of data paths, including, but not 
limited to data paths for a binding update message, a return routability message, a prefix 
discovery message and a payload data packet. 

19. The mobile node of Claim 17 wherein the registry instruction sequence causes the 
processor to register the mobile node by minimally causing the processor to dispatch a 
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binding update request to an identified home agent using a security tunnel established by 
the processor when it executes the security tunneling instruction sequence. 

20. The mobile node of Claim 17 further comprising a prefix discovery instruction sequence 
that, when executed by the processor, minimally causes the processor to discover a prefix 

5 for an identified home agent using a security tunnel established by the processor when it 

executes the security tunneling instruction sequence. 

21. The mobile node of Claim 17 further comprising a pay load instruction sequence that, 
when executed by the processor, minimally causes the processor to direct a payload data 
packet to an identified home agent using a security tunnel established by the processor 

10 when it executes the security tunneling instruction sequence. 

22. The mobile node of Claim 17 further comprising a return path verification instruction 
sequence that, when executed by the processor, minimally causes the processor to direct a 
return routability message to an identified home agent using a security tuimel established 
by the processor when it executes the security tunneling instruction sequence. 

15 23. The mobile node of Claim 17 wherein the security tunneling instruction sequence further 
minimally causes the processor to establish a reverse path security tunnel capable of 
carrying a plurality of data paths using a single security association. 

24. The mobile node of Claim 23 wherein the security tunneling instruction sequence, when 
executed by the processor, minimally causes the processor to establish a reverse path 

20 security tunnel by: 

creating a security policy database for at least one of a binding update message, a 
retum routability message, prefix discovery message and payload data packet; 
and 

associating one or more security policy databases with a reverse path security 
25 tunnel using a single security association. 

25. A computer readable medium having imparted thereon instruction sequences for 
registering a mobile node with a home agent including: 
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home agent determination instruction sequence that, when executed by a 

processor, minimally causes the processor to identify a home agent for the 
mobile node; 



5 



security tunneling instruction sequence that, when executed by a processor, 
minimally causes the processor to establish a security tunnel from the mobile 
node to an identified home agent where the security tunnel uses a single 
security association descriptor to secure a plurality of data paths; and 



registry instruction sequence that, when executed by a processor, minimally 

causes the processor to register the mobile node with an identified home agent. 



10 26. The computer readable medium of Claim 25 wherein the secxmty tunneling instruction 



1 5 27. The computer readable medium of Claim 25 wherein the registry instruction sequence 
causes the processor to register the mobile node by minimally causing the processor to 
dispatch a binding update request to an identified home agent using a secxmty tunnel 
established by the processor when it executes the security tunneling instruction sequence. 

28. The computer readable medium of Claim 25 further comprising a prefix discovery 
20 instruction sequence that, when executed by the processor, minimally causes the 

processor to discover prefix for an identified home agent using a security tunnel 
established by the processor when it executes the security tunneling instruction sequence. 

29. The computer readable medium of Claim 25 further comprising a payload instruction 
sequence that, when executed by the processor, minimally causes the processor to direct a 

25 payload data packet to an identified home agent using a security tunnel established by the 

processor when it executes the security tunneling instruction sequence. 

30. The computer readable medium of Claim 25 further comprising a return path verification 
instruction sequence that, when executed by the processor, minimally causes the 



sequence causes a processor to establish a security tunnel by minimally causing the 
processor to create a single security association that can be used by a plurality of data 
paths, including, but not limited to data paths for a binding update message, a return 
routabihty message, a prefix discovery message and a payload data packet. 
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processor to direct a return routability message to an identified home agent using a 
security tunnel established by the processor when it executes the security tunneling 
instruction sequence. 

3 1 . The computer readable medium of Claim 25 wherein the security tunneling instruction 
5 sequence further minimally causes the processor to establish a reverse path security 

tunnel capable of carrying a plurality of data paths using a single security association. 

32. The computer readable medium of Claim 3 1 wherein the security tunneling instruction 
sequence, when executed by the processor, minimally causes the processor to establish a 
reverse path security tunnel by: 

10 creating a security policy database for at least one of a binding update message, a 

return routability message, prefix discovery message and payload data packet; 
and 

associating one or more security policy databases with a reverse path security 
tunnel using a single security association. 

15 33. A mobile node comprising: 

means for determining a home agent; 

means for establishing a single-security-association based security tunnel between 

the mobile node and a determined home agent; and 
means for registering the mobile node using an established security tuimel. 

20 34. The apparatus of Claim 33 wherein the means for establishing a single-security 

association based security tunnel comprises means for associating a plurality of security 
policy databases with a single security association. 

35. The apparatus of Claim 33 wherein the means for registering the mobile node comprises: 
means for dispatching a binding update message to an identified home agent using 
25 an established security tunnel; and 

means for receiving a binding update acknowledgement by way of a reverse path 
security tunnel. 
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36. The apparatus of Claim 33 further comprising a means for discovering an applicable 
prefix for the home agent using an established security tunnel. 

37. The apparatus of Claim 33 further comprising a means for conveying data to a 
correspondent node using an established security tunnel. 

38. The apparatus of Claim 33 further comprising a means for commvinicating a return 
routability signal to a determined home agent using an established security tunnel. 

39. The apparatus of Claim 33 further comprising a means for establishing a reverse path 
single-security-association based security tunnel. 

40. The apparatus of Claim 39 wherein the means for establishing a reverse path security 
tunnel comprises means for associating a plurality of security policy databases with a 
single security association. 
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